Chrome 68 and earlier displayed the full web address in the address bar at all times, but that is no longer the case in Chrome 69: Google implemented two changes, one of which has far-reaching consequences.

Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally signed 32- and 64-bit network filtering driver NDISProxy. Interestingly, this driver is signed with a digital certificate that belongs to Chinese company LeagSoft, a developer of information security software based...

LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs
Fri, 07 Sep 2018 14:57:39 +0000
http://tweakbytes.com/threads/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups.6928/
silversurfer

First discovered by security researcher nao_sec at the end of August 2018, this kit is installed on hacked sites and will attempt to exploit vulnerabilities on a visitor's computer. The exploited vulnerabilities are for Adobe Flash Player (CVE-2018-4878) and the Windows VBScript engine...

Active Spy Campaign Exploits Unpatched Windows Zero-Day
Thu, 06 Sep 2018 18:20:48 +0000
http://tweakbytes.com/threads/active-spy-campaign-exploits-unpatched-windows-zero-day.6927/
silversurfer

The flaw is a local privilege escalation vulnerability in the Windows Task Scheduler’s Advanced Local Procedure Call (ALPC) interface — it allows a local unprivileged user to change the permissions of any file on the system and modify it, including system files that are executed by...

On 13 August NETSCOUT’s ASERT team identified new spear-phishing campaign activity from the financially motivated hacking group Cobalt. Given that the messages appear to be coming from a trusted source, many victims fall prey...

APT Uses Spear Phishing in New Campaign

Kaspersky: Global Transparency Initiative status update
Fri, 31 Aug 2018 09:47:10 +0000
http://tweakbytes.com/threads/kaspersky-global-transparency-initiative-status-update.6912/
RGiskardR

In October 2017 we announced the Global Transparency Initiative to prove that we have nothing to hide, so that our customers can trust us — not just because of what we say, but because of what we do.

We’ve faced a lot of false allegations of wrongdoings from different sources. Although there is not even a single fact presented to support those allegations, we believe it is our...

MitM and DoS attacks on domains through the use of residual certificates
Fri, 31 Aug 2018 09:37:25 +0000
http://tweakbytes.com/threads/mitm-and-dos-attacks-on-domains-through-the-use-of-residual-certificates.6911/
RGiskardR

HTTPS certificates are one of the pillars of Internet security. But it is not all roses with them. We have already discussed the ways the existing system often fails to guarantee security to users. Now let us focus on what can go wrong for the website owners.

Two valid certificates for the same domain

Domain registration and HTTPS...

It is time to opt out of Yahoo Mail email scanning
Fri, 31 Aug 2018 09:25:17 +0000
http://tweakbytes.com/threads/it-is-time-to-opt-out-of-yahoo-mail-email-scanning.6908/
RGiskardR

Yahoo Mail and AOL Mail, which both fly under the Oath banner, a Verizon owned company, scan emails that arrive in user inboxes to improve advertisement targeting.

An article published by The Wall Street Journal (sorry, no link as it is paywalled), suggests that Oath's email scanning may go beyond what users of the service may deem acceptable.

According to the article, Yahoo is scanning commercial emails of all free users...

Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot dispatches all its loot to the malware owners.

ISO images are copies of optical discs...

Loki Bot: On a hunt for corporate passwords

Beware of Fake "Shipping Docs" Malspam Pushing the DarkComet RAT
Thu, 30 Aug 2018 18:15:33 +0000
http://tweakbytes.com/threads/beware-of-fake-shipping-docs-malspam-pushing-the-darkcomet-rat.6904/
silversurfer

As this remote access Trojan, or RAT, can steal a significant amount of information from an infected computer, it is important to be aware of threats like this so you do not mistakenly become infected.

BleepingComputer was first alerted to this campaign by security researcher...

CEIDPageLock Rootkit Hijacks Web Browsers
Thu, 30 Aug 2018 13:40:19 +0000
http://tweakbytes.com/threads/ceidpagelock-rootkit-hijacks-web-browsers.6903/
silversurfer

Dubbed CEIDPageLock, the malware was initially discovered a few months ago, when it was attempting to modify the homepage of a victim’s browser. The rootkit is currently attempting to turn the victim browser’s homepage into a site pretending to be a Chinese web directory.

On top of these sophisticated features, the latest versions of the malware monitor user browsing and, when the user attempts to access...

Expect an increase in browser privacy and security warnings
Wed, 29 Aug 2018 10:37:15 +0000
http://tweakbytes.com/threads/expect-an-increase-in-browser-privacy-and-security-warnings.6898/
RGiskardR

Internet users will soon experience an increase in privacy and security warnings displayed by the web browsers that they use to connect to Internet sites.

Users of Google Chrome will see an increase in "Your connection is not private" security messages and users of Mozilla Firefox will receive more "Warning: Potential Security Risk Ahead" warnings in the browser.

Google, Mozilla and other browser makers revealed plans to distrust all certificates issued by Symantec in web browsers...

BusyGasper – the unfriendly spy

The rise of mobile banker Asacub
Wed, 29 Aug 2018 10:29:24 +0000
http://tweakbytes.com/threads/the-rise-of-mobile-banker-asacub.6894/
RGiskardR

We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015, when the first versions of the malware were detected, analyzed, and found to be more adept at spying than stealing funds. The Trojan has evolved since then, aided by a large-scale distribution campaign by its creators (in spring-summer 2017), helping Asacub to claim top spots in last...